CN105933198A - Device for establishing direct connection VPN tunnel - Google Patents

Publication number: CN105933198A
Authority: CN (China)
Application number: CN201610251272.8A
Other languages: Chinese (zh)
Other versions: CN105933198B (en)
Inventors: 周迪, 赵晖
Original and current assignee: Zhejiang Uniview Technologies Co Ltd
Legal status: Granted (active)
Prior art keywords: client, address, monitoring device, vpn tunneling, vpn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2592 Translation of Internet protocol [IP] addresses using tunnelling or encapsulation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a device for establishing a direct-connection VPN tunnel. The device comprises a VPN relay service module, a NAT hole-punching service module and a configuration module. The VPN relay service module establishes a VPN tunnel with the client and with the monitoring device respectively. The NAT hole-punching service module obtains the public network mapped IP addresses and port numbers of the client and of the monitoring device. The client and the monitoring device then establish a UDP connection by hole punching, each using the peer's public network mapped IP address and port number that it has received. Once the UDP connection is established, the configuration module assigns the monitoring device as the VPN tunnel server and the client as the VPN tunnel client and issues configuration information to both, so that they establish the direct-connection VPN tunnel over the UDP connection and the client accesses the monitoring device directly through that tunnel to obtain the monitoring video on the monitoring device.

Description

Device for establishing a direct-connection VPN tunnel
Technical field
The invention belongs to the field of data communication, and in particular relates to a device for establishing a direct-connection VPN tunnel.
Background
Video monitoring systems deployed over the public network operate in a complex network environment. The client and the video monitoring device are usually located in different private networks, so the NAT device must map public IP addresses to private IP addresses for each kind of video monitoring service data before the client can access and receive monitoring video from the NVR/IPC. The whole video monitoring system is complex to implement and tedious to configure, and when the public IP address used on the NAT device changes it must be reconfigured, which is inconvenient. In addition, some devices are located inside private networks behind multiple layers of NAT, so the private IP addresses they use cannot be mapped directly to public IP addresses.
To cope with the various NAT networking environments, the client and the video monitoring device each connect over VPN to a video monitoring server located on the public network, and communicate by having the video monitoring server forward their data over the public network. This approach, however, consumes a large amount of the video server's bandwidth and processing capacity, and relaying the communication through the video server introduces additional packet loss and delay.
To solve the above problems, the invention patent application with publication number CN104506802A discloses adding a client agent module on the client side and a monitoring device agent module on the video monitoring device side. With the assistance of the video monitoring server, the client agent module and the monitoring device agent module establish a UDP channel using VPN tunneling technology, and the client and the video monitoring device communicate directly over this UDP channel through their respective agent modules, which solves the problems caused by forwarding the communication between the client and the video monitoring device through the video server. In that scheme, however, the communication between the client and the video monitoring device must still be processed and forwarded by the respective agent modules, so the agent modules consume considerable resources, transmission efficiency is low, and signaling negotiation and service control are complex.
Summary of the invention
The object of the invention is to provide a device for establishing a direct-connection VPN tunnel with which, under the assistance of a management server, the client and the video monitoring device establish a VPN tunnel directly and communicate over it. This solves the problems in the prior art that communication between the client and the video monitoring device has to be processed and forwarded by a client agent and a monitoring device agent, that the agent modules consume considerable resources, that transmission efficiency is low, and that signaling negotiation and service control are complex.
To achieve this object, the technical solution of the invention is as follows:
A device for establishing a direct-connection VPN tunnel, applied to the management server in a video monitoring system, the video monitoring system comprising a client and a monitoring device located in different private networks and a management server located on the public network, the device comprising:
a VPN relay service module, for establishing a VPN tunnel with the client and with the monitoring device respectively;
a NAT hole-punching service module, for obtaining the public network mapped IP address and port number of the client and the public network mapped IP address and port number of the monitoring device, sending the client's public network mapped IP address and port number to the monitoring device, and sending the monitoring device's public network mapped IP address and port number to the client, so that the client and the monitoring device use the IP address and port number information each has received to punch holes through the NAT devices and to establish and maintain a UDP connection between the client and the monitoring device;
a configuration module, for assigning the monitoring device and the client the VPN tunnel server role and the VPN tunnel client role respectively and issuing configuration information to the client and the monitoring device, so that the client and the monitoring device establish a direct-connection VPN tunnel over the UDP connection.
Further, when the configuration module assigns the monitoring device and the client the VPN tunnel server role and the VPN tunnel client role respectively and issues configuration information to them so that they establish the direct-connection VPN tunnel over the UDP connection, it performs the following operations:
Assigning the monitoring device as the VPN tunnel server, and issuing to the monitoring device the virtual NIC address used by the VPN tunnel server, the virtual NIC address used by the VPN tunnel client, and the username and password used for authentication, so that the monitoring device completes the VPN tunnel server configuration, then starts a listening process on its private IP address and private port number to listen for VPN tunnel connection requests from the VPN tunnel client, performs user authentication and responds after receiving a VPN tunnel connection request, generates a PPP virtual NIC interface on the monitoring device, and issues to the client the virtual NIC address assigned to the VPN tunnel client;
Assigning the client as the VPN tunnel client, notifying the client that the IP address and port number of the VPN tunnel server are the public network mapped IP address and port number of the monitoring device, and issuing the username and password used for authentication to the client, so that the client sends a VPN tunnel connection request to the monitoring device, receives the virtual NIC address for the VPN tunnel client issued by the monitoring device, and generates a PPP virtual NIC interface on the client.
Further, the configuration module is also used for:
Notifying the client and the monitoring device to each generate a host route whose destination address is the peer's virtual NIC address.
The destination IP address of the client's host route is the virtual NIC address assigned to the VPN tunnel server and its outgoing interface is the PPP virtual NIC interface on the client; the destination IP address of the monitoring device's host route is the virtual NIC address assigned to the VPN tunnel client and its outgoing interface is the PPP virtual NIC interface on the monitoring device.
The invention also proposes a device for establishing a direct-connection VPN tunnel, applied to the client in a video monitoring system, the video monitoring system comprising a client and a monitoring device located in different private networks and a management server located on the public network, the device comprising:
a client relay VPN module, for sending a VPN tunnel establishment request message to the management server and establishing a VPN tunnel with the management server;
a client hole-punching module, for receiving the public network mapped IP address and port number of the monitoring device issued by the management server, punching holes through the NAT devices together with the monitoring device, and establishing a UDP connection with the monitoring device;
a client direct-connection VPN module, for receiving the configuration information issued by the management server and establishing a direct-connection VPN tunnel with the monitoring device over the UDP connection.
Further, when the client direct-connection VPN module receives the configuration information issued by the management server and establishes the direct-connection VPN tunnel with the monitoring device over the UDP connection, it performs the following operations:
Setting itself as the VPN tunnel client according to the assignment of the management server; receiving from the management server the IP address and port number of the VPN tunnel server, which are the public network mapped IP address and port number of the monitoring device, and the username and password used for authentication; and sending a VPN tunnel connection request to the monitoring device;
Receiving the virtual NIC address for the VPN tunnel client issued by the monitoring device, and generating a PPP virtual NIC interface.
Further, the client direct-connection VPN module is also used for:
Receiving the notification of the management server and generating a host route whose destination address is the virtual NIC address of the monitoring device; the destination IP address of the host route is the virtual NIC address assigned to the VPN tunnel server, and the outgoing interface is the client's own PPP virtual NIC interface.
The invention also proposes a device for establishing a direct-connection VPN tunnel, applied to the monitoring device in a video monitoring system, the video monitoring system comprising a client and a monitoring device located in different private networks and a management server located on the public network, the device comprising:
a monitoring device relay VPN module, for sending a VPN tunnel establishment request message to the management server and establishing a VPN tunnel with the management server;
a monitoring device hole-punching module, for receiving the public network mapped IP address and port number of the client issued by the management server, punching holes through the NAT devices together with the client, and establishing a UDP connection with the client;
a monitoring device direct-connection VPN module, for receiving the configuration information issued by the management server and establishing a direct-connection VPN tunnel with the client over the UDP connection.
Further, when the monitoring device direct-connection VPN module receives the configuration information issued by the management server and establishes the direct-connection VPN tunnel with the client over the UDP connection, it performs the following operations:
Setting itself as the VPN tunnel server according to the assignment of the management server; receiving from the management server the virtual NIC address used by the VPN tunnel server, the virtual NIC address used by the VPN tunnel client, and the username and password used for authentication; starting a listening process on its own private IP address and private port number to listen for VPN tunnel connection requests from the VPN tunnel client; performing user authentication and responding after receiving a VPN tunnel connection request; generating a PPP virtual NIC interface on itself; and issuing to the client the virtual NIC address assigned to the VPN tunnel client.
Further, the monitoring device direct-connection VPN module is also used for:
Receiving the notification of the management server and generating a host route whose destination address is the virtual NIC address of the client; the destination IP address of the host route is the virtual NIC address assigned to the VPN tunnel client, and the outgoing interface is the monitoring device's own PPP virtual NIC interface.
The invention proposes a device for establishing a direct-connection VPN tunnel. With the assistance of the management server, the client and the monitoring device first punch holes through the NAT devices to establish a UDP connection, and then establish the direct-connection VPN tunnel over that UDP connection. Once the direct-connection VPN tunnel between the client and the monitoring device is established, the client can access the monitoring device directly to obtain video. This solves the problems in the prior art that communication between the client and the video monitoring device has to be processed and forwarded by a client agent and a monitoring device agent, that the agent modules consume considerable resources, that transmission efficiency is low, and that signaling negotiation and service control are complex.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the device for establishing a direct-connection VPN tunnel according to Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of the network structure of the video monitoring system according to an embodiment of the invention;
Fig. 3 is a schematic structural diagram of the device for establishing a direct-connection VPN tunnel according to Embodiment 2 of the invention;
Fig. 4 is a schematic structural diagram of the device for establishing a direct-connection VPN tunnel according to Embodiment 3 of the invention;
Fig. 5 is a flowchart of the method for establishing a direct-connection VPN tunnel according to Embodiment 4 of the invention.
Detailed description
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments. The following embodiments do not limit the invention.
In a video monitoring network, the client needs to access the monitoring device to obtain monitoring video, but the client and the monitoring device are often located in different private networks and both use private IP addresses, so the client cannot access the monitoring device directly. The invention provides a device with which, under the assistance of a management server, the client and the monitoring device establish a direct-connection VPN tunnel. After the direct-connection VPN tunnel is established, the client can access the monitoring device directly and obtain the monitoring video it needs.
Embodiment 1
As shown in Fig. 1, the device for establishing a direct-connection VPN tunnel of this embodiment is applied to the management server and comprises:
A VPN relay service module, for establishing a VPN tunnel with the client and with the monitoring device respectively.
In existing video monitoring networks, the client and the monitoring device each establish a VPN tunnel with the management server on the public network in order to traverse their NAT devices, and the management server on the public network forwards the monitoring video stream from the monitoring device to the client. In this embodiment the management server is the video management server of the video monitoring system. When the monitoring device/client establishes a VPN tunnel with the management server, the NAT device of the monitoring device/client generates a mapping table relating the private IP address and port number of the monitoring device to its public network mapped IP address and port number. The monitoring device/client uses its private IP address and port number to send a VPN tunnel establishment request message to the VPN relay service module of the management server. The NAT device converts the private IP address and port number of the monitoring device/client in the request message to the public network mapped IP address and port number of the monitoring device/client and then sends the message on to the VPN relay service module, which responds to the request message of the monitoring device/client, completing the establishment of the VPN tunnel.
The VPN tunnels that the client and the monitoring device each establish with the management server are used for subsequent message exchange between the client/monitoring device and the management server. In addition, when the direct-connection VPN tunnel between the client and the monitoring device fails, the client can use its own VPN tunnel with the management server to access the management server, the management server communicates with the monitoring device through its VPN tunnel with the monitoring device, and the client obtains the monitoring device's video via forwarding by the management server.
A NAT hole-punching service module, for obtaining the public network mapped IP address and port number of the client and the public network mapped IP address and port number of the monitoring device, sending the client's public network mapped IP address and port number to the monitoring device, and sending the monitoring device's public network mapped IP address and port number to the client, so that the client and the monitoring device use the IP address and port number information each has received to punch holes through the NAT devices and to establish and maintain a UDP connection between the client and the monitoring device.
The client and the monitoring device punch holes through the NAT devices using the NAT traversal protocol STUN (Simple Traversal of UDP Through NAT) and establish a UDP connection between them.
Assume that the client is STUN ClientA, the NAT on the client side is NA, the monitoring device is STUN ClientB, the NAT on the monitoring device side is NB, and the management server is STUN Server. The client and the monitoring device punch holes through the NAT devices and establish the UDP connection as follows:
(1) STUN ClientA sends a UDP STUN request message through NA to STUN Server to query and register its own translated address;
(2) STUN Server receives the request message and produces a response message that carries the source port of the request message, i.e. the external port corresponding to STUN ClientA on NA; the response message is then sent to STUN ClientA through NA;
(3) STUN ClientB sends a UDP STUN request message through NB to STUN Server to query and register its own translated address;
(4) STUN Server receives the request message and produces a response message that carries the source port of the request message, i.e. the external port corresponding to STUN ClientB on NB; the response message is then sent to STUN ClientB through NB;
(5) STUN ClientA includes its external address and port information on NA in a message and sends it to STUN Server, requesting to communicate with STUN ClientB;
(6) After receiving the request, STUN Server looks up the registered address of STUN ClientB and forwards the request to STUN ClientB through NB;
(7) STUN ClientB learns the external address and port of STUN ClientA from the message body, includes its own external address and port information on NB in a response message, and sends the response message to STUN ClientA. After receiving the response, STUN ClientA also knows the external address and port of STUN ClientB, so a UDP connection is established between STUN ClientA and STUN ClientB, which solves the problem of establishing communication across NAT by hole punching.
It should be noted that hole-punching NAT traversal can equally be achieved with the monitoring device as STUN ClientA and the client as STUN ClientB, which is not described again here.
In this embodiment, after the NAT hole-punching service module of the management server obtains the public network mapped IP address and port number of the client and of the monitoring device, it uses the VPN tunnels established by the VPN relay service module to send the client's public network mapped IP address and port number to the monitoring device and the monitoring device's public network mapped IP address and port number to the client. The client and the monitoring device then punch holes using the public network mapped IP address and port number information each has received.
After hole punching, a UDP connection traversing the NAT devices exists between the client and the monitoring device. Specifically, a session is generated on the client's NAT device whose internal address and port number are the client's private IP address and port number and whose external address and port number are the client's public network mapped IP address and port number; this session only accepts access from the monitoring device's public network mapped IP address. At the same time, a session is generated on the monitoring device's NAT device whose internal address and port number are the monitoring device's private IP address and port number and whose external address and port number are the monitoring device's public network mapped IP address and port number; this session only accepts access from the client's public network mapped IP address.
The client sends a message to the monitoring device using the monitoring device's public network mapped IP address and port number; the source IP address and port number in the message are the client's private IP address and port number. The client's NAT device converts the source IP address and port number in the message to the client's public network mapped IP address and port number and sends the message to the monitoring device's NAT device. After receiving the message, the monitoring device's NAT device converts the destination IP address and port number in the message from the monitoring device's public network mapped IP address and port number to the monitoring device's private IP address and port number and sends the message to the monitoring device. In the other direction, the monitoring device sends a message to the client using the client's public network mapped IP address and port number; the source IP address and port number in the message are the monitoring device's private IP address and port number. The monitoring device's NAT device converts the source IP address and port number in the message to the monitoring device's public network mapped IP address and port number and sends the message to the client's NAT device. After receiving the message, the client's NAT device converts the destination IP address and port number in the message from the client's public network mapped IP address and port number to the client's private IP address and port number and sends the message to the client. In this way the client and the monitoring device can use the UDP connection established by hole punching to send messages directly to each other.
It should be noted that, because the sessions on the NAT devices of the client and the monitoring device both have an expiry time, the client and the monitoring device keep the UDP connection established by hole punching alive by sending periodic keep-alive messages.
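The hole-punching sequence and the keep-alive requirement described above can be checked with a small in-memory simulation. This is an added example, not code from the patent: the NAT model (one public mapping per private endpoint, inbound filtering by remote IP, expiry measured from the last outbound packet), the port numbers, the 30-second timeout and all class and function names are assumptions; the IP addresses are the ones the description gives for its Fig. 2 example.

```python
# Added example: NAT hole punching and keep-alive, simulated in memory.
# IP addresses are from the page's Fig. 2 example; ports and timers are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str


class Nat:
    """Assumed NAT model: one public mapping per private endpoint, inbound
    accepted only from remote IPs the inside host has sent to, idle expiry."""

    def __init__(self, public_ip, idle_timeout, first_port=40000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.next_port = first_port
        # private Endpoint -> [public Endpoint, allowed remote IPs, last outbound time]
        self.sessions = {}

    def _expire(self, now):
        self.sessions = {p: s for p, s in self.sessions.items()
                         if now - s[2] <= self.idle_timeout}

    def outbound(self, pkt, now):
        self._expire(now)
        if pkt.src not in self.sessions:
            self.sessions[pkt.src] = [Endpoint(self.public_ip, self.next_port), set(), now]
            self.next_port += 1
        sess = self.sessions[pkt.src]
        sess[1].add(pkt.dst.ip)      # sending to a peer opens the hole for that peer's IP
        sess[2] = now                # only outbound traffic refreshes the session
        return Packet(sess[0], pkt.dst, pkt.payload)  # source rewritten to mapped address

    def inbound(self, pkt, now):
        self._expire(now)
        for private, (public, allowed, _) in self.sessions.items():
            if public == pkt.dst and pkt.src.ip in allowed:
                return Packet(pkt.src, private, pkt.payload)  # destination rewritten
        return None                  # no session, or sender IP not allowed: dropped


class Scenario:
    """Client behind NA, monitoring device behind NB, management server on the public network."""

    def __init__(self, idle_timeout=30.0):
        self.server = Endpoint("202.110.110.25", 3478)   # port constructed
        self.client = Endpoint("192.168.2.220", 5000)    # port constructed
        self.device = Endpoint("192.168.1.110", 5000)    # port constructed
        self.na = Nat("202.200.200.22", idle_timeout)
        self.nb = Nat("202.100.100.11", idle_timeout)
        self.now = 0.0
        # Registration: the server sees each request's translated source, i.e. the mapped address.
        self.client_pub = self.na.outbound(Packet(self.client, self.server, "register"), 0.0).src
        self.device_pub = self.nb.outbound(Packet(self.device, self.server, "register"), 0.0).src

    def client_to_device(self, payload):
        wire = self.na.outbound(Packet(self.client, self.device_pub, payload), self.now)
        return self.nb.inbound(wire, self.now)

    def device_to_client(self, payload):
        wire = self.nb.outbound(Packet(self.device, self.client_pub, payload), self.now)
        return self.na.inbound(wire, self.now)


def punch(s):
    """Both peers have received the other's mapped address from the server."""
    first = s.client_to_device("punch")    # dropped by NB, but opens NA for the device's IP
    second = s.device_to_client("punch")   # passes NA, and opens NB for the client's IP
    third = s.client_to_device("punch")    # now passes NB
    return first, second, third


def alive_after(idle_seconds, keepalive_every=None, idle_timeout=30.0):
    """True if the device can still reach the client after idle_seconds."""
    s = Scenario(idle_timeout)
    punch(s)
    end = s.now + idle_seconds
    while keepalive_every and s.now + keepalive_every <= end:
        s.now += keepalive_every
        s.client_to_device("keepalive")
        s.device_to_client("keepalive")
    s.now = end
    return s.device_to_client("video") is not None


if __name__ == "__main__":
    print(punch(Scenario()))
    print(alive_after(120), alive_after(120, keepalive_every=20))
```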
A configuration module, for assigning the monitoring device and the client the VPN tunnel server role and the VPN tunnel client role respectively and issuing configuration information to the client and the monitoring device, so that the client and the monitoring device establish a direct-connection VPN tunnel over the UDP connection.
After hole punching succeeds and the UDP connection is established, the client and the monitoring device send a hole-punching success message to the management server. After receiving this message, the configuration module of the management server assigns the monitoring device as the VPN tunnel server and issues to the monitoring device the virtual NIC address used by the VPN tunnel server, the virtual NIC address used by the VPN tunnel client, and the username and password used for authentication. The monitoring device completes the VPN tunnel server configuration according to the message issued by the configuration module, then starts a listening process on its private IP address and private port number to listen for VPN tunnel connection requests from the VPN tunnel client. After receiving a VPN tunnel connection request, it performs user authentication and responds, and then generates a PPP virtual NIC interface on the monitoring device; the address of this virtual NIC interface is the virtual NIC address for the VPN tunnel server issued by the management server.
The configuration module of the management server assigns the client as the VPN tunnel client, notifies the client that the IP address and port number of the VPN tunnel server are the monitoring device's public network mapped IP address and public network port number, and issues the username and password used for authentication to the client. The client sends a VPN tunnel connection request to the monitoring device. After receiving this request, the monitoring device performs user authentication and responds, and issues to the client the virtual NIC address that the configuration module assigned to the VPN tunnel client. The client receives the virtual NIC address for the VPN tunnel client issued by the monitoring device and generates a PPP virtual NIC interface on the client, completing the establishment of the VPN tunnel.
After the VPN tunnel between the client and the monitoring device is established, a new PPP virtual NIC interface exists on both the client and the monitoring device. The IP address of the PPP virtual NIC interface on the monitoring device is the virtual NIC address that the management server assigned to the VPN tunnel server, and the IP address of the PPP virtual NIC interface on the client is the virtual NIC address that the management server assigned to the VPN tunnel client.
The configuration module of the management server then notifies the client and the monitoring device to each generate a host route whose destination address is the peer's virtual NIC address, or issues one host route each to the client and the monitoring device. The destination IP address of the client's host route is the virtual NIC address that the management server assigned to the VPN tunnel server, and its outgoing interface is the newly established PPP virtual NIC interface on the client. The destination IP address of the monitoring device's host route is the virtual NIC address that the management server assigned to the VPN tunnel client, and its outgoing interface is the newly established PPP virtual NIC interface on the monitoring device.
It should be noted that this embodiment assigns the monitoring device as the VPN tunnel server and the client as the VPN tunnel client, with the client initiating the VPN tunnel connection request. Equally, the client can be assigned as the VPN tunnel server and the monitoring device as the VPN tunnel client, with the monitoring device initiating the VPN tunnel connection request. The invention is not limited to a particular form of implementation.
The client and the monitoring device have thus established a direct-connection VPN tunnel with the assistance of the configuration module of the management server. They communicate directly using the virtual NIC address that the configuration module assigned to the VPN tunnel server and the virtual NIC address that it assigned to the VPN tunnel client, and the client obtains monitoring video directly from the monitoring device.
It should be noted that when the direct-connection VPN tunnel established between the client and the monitoring device fails, the client can still use its VPN tunnel with the management server to access the management server and obtain the monitoring device's video via forwarding by the management server, because both the client and the monitoring device have already established VPN tunnels with the management server.
The present embodiment is illustrated below by example. The VPN tunnel in this embodiment is not limited to a particular protocol and may be L2TP, PPTP, IPSec or GRE; this example uses L2TP. As shown in Figure 2, the public IP address of the management server is 202.110.110.25, the management server is the L2TP server, and the IP address of the L2TP server is 10.10.10.1. The IP address of the monitoring device is 192.168.1.110 and the IP address of the client is 192.168.2.220. The public IP address of the monitoring device's NAT device is 202.100.100.11 and the public IP address of the client's NAT device is 202.200.200.22. The monitoring device sends an L2TP tunnel establishment request message to the VPN relay service module of the management server. The VPN relay service module responds to the request, assigns the private IP address 10.10.10.2 to the monitoring device as its L2TP client IP address, and notifies the monitoring device that the IP address of the L2TP server is 10.10.10.1. Based on the response message it receives, the monitoring device creates the PPP0 interface with IP address 10.10.10.2 and generates the following routing table:
Table 1
The client sends an L2TP tunnel establishment request message to the VPN relay service module of the management server. The VPN relay service module responds to the request, assigns the private IP address 10.10.10.3 to the client as its L2TP client IP address, and notifies the client that the IP address of the L2TP server is 10.10.10.1. Based on the response message it receives, the client creates the PPP0 interface with IP address 10.10.10.3 and generates the following routing table:
| Destination address | Subnet mask | Gateway | Outgoing interface |
|---|---|---|---|
| 10.10.10.1 | 32 | * | PPP0 |
| 192.168.2.0 | 24 | 192.168.2.1 | Eth1 |
| 10.10.0.0 | 16 | 10.10.10.1 | PPP0 |
| 0.0.0.0 | 0.0.0.0 | 192.168.1.1 | Eth1 |
Table 2
When the client wants to access the monitoring device, a UDP connection is established using the NAT traversal protocol STUN. The NAT hole-punching service module of the management server obtains the monitoring device's public mapped IP address 202.100.100.11 and port number 10001, and the client's public mapped IP address 202.200.200.22 and port number 10021. The module sends the monitoring device's public mapped IP address 202.100.100.11 and port number 10001 to the client, and at the same time sends the client's public mapped IP address 202.200.200.22 and port number 10021 to the monitoring device. The client and the monitoring device perform hole punching according to the information they receive. After hole punching completes, the monitoring device sends and receives messages on private address 192.168.1.110, port 15000, which its local NAT device maps to external address 202.100.100.11, port 10001. The client sends and receives messages on private address 192.168.2.200, port 11000, which its local NAT device maps to external address 202.200.200.22, port 10021.
After the connection is established, the client and the monitoring device send keep-alive messages so that the session entries on the NAT devices do not age out. The monitoring device and the client both report the hole-punching success message to the management server, and the NAT hole-punching service module of the management server determines that both have punched successfully.
At this point, a message that the monitoring device sends to 202.200.200.22, port 10021 is forwarded by the client-side NAT device to the client at 192.168.2.200, port 11000. A message that the client sends to 202.100.100.11, port 10001 is forwarded by the NAT device on the monitoring device side to the monitoring device at 192.168.1.110, port 15000.
After the configuration module of the management server receives the hole-punching success messages from the client and the monitoring device, it notifies the monitoring device that it is to act as the L2TP server, that the L2TP server IP address is 10.10.10.4, that the L2TP client IP address is 10.10.10.5, and that the L2TP authentication username is XXX and the password is YYY. After the monitoring device completes the L2TP configuration according to the information issued by the configuration module, it starts the L2TP server listener on 192.168.1.110, port 15000, and is ready to accept the L2TP client dialing in.
The configuration module then notifies the client that it is assigned as the L2TP client, that the L2TP server address is 202.100.100.11, port 10001, and that the L2TP authentication username is XXX and the password is YYY. After receiving the notification, the client initiates an L2TP dial-up connection request to 202.100.100.11, port 10001, with authentication username XXX and password YYY. After the NAT device on the monitoring device side receives the L2TP dial-up connection request message, it translates the destination IP address and port number from 202.100.100.11 and 10001 to 192.168.2.220 and 11000 and sends the message to the monitoring device. The monitoring device, listening on IP address 192.168.1.110 and port number 15000, detects the L2TP dial-up connection request message, then authenticates and responds. After authentication succeeds, the L2TP server notifies the L2TP client that the IP address assigned to the L2TP client is 10.10.10.5 and that the IP address of the L2TP server is 10.10.10.4. After the L2TP tunnel is established, a new PPP interface with IP address 10.10.10.4 and interface number PPP1 is generated on the video server, and a new PPP interface with IP address 10.10.10.5 and interface number PPP1 is generated on the client.
The configuration module then issues one route each to the client and the monitoring device. The destination IP address of the client's route is 10.10.10.4 and its outgoing interface is PPP1; the destination IP address of the monitoring device's route is 10.10.10.5 and its outgoing interface is PPP1.
At this point, the routing table of the monitoring device is as follows:
Table 3
The routing table of client is as follows:
| Destination address | Subnet mask | Gateway | Outgoing interface |
|---|---|---|---|
| 10.10.10.1 | 32 | * | PPP0 |
| 10.10.10.4 | 32 | * | PPP1 |
| 192.168.1.0 | 24 | 192.168.1.1 | Eth1 |
| 10.10.0.0 | 16 | 10.10.10.1 | PPP0 |
| 0.0.0.0 | 0.0.0.0 | 192.168.1.1 | Eth1 |
Table 4
When the client accesses the monitoring device, it preferentially uses the monitoring device IP address 10.10.10.4. Route lookup matches the second route in the client's routing table, and the client reaches the monitoring device through the direct L2TP tunnel between the two. If the direct L2TP tunnel between the client and the monitoring device fails, the client uses the monitoring device IP address 10.10.10.2 instead. Route lookup then matches the fourth route in the client's routing table, and the client reaches the monitoring device by relaying through the management server.
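The route selection described above can be checked with a longest-prefix match over the client's routing table (Table 4). This is an added example, not part of the patent; the function names and the `down` parameter are hypothetical, and the rows and addresses are the ones given in the text.

```python
import ipaddress

# Client routing table after the direct tunnel is up (Table 4 on this page).
# Columns: destination, mask (prefix length or dotted mask), gateway, interface.
TABLE_4 = [
    ("10.10.10.1", "32", None, "PPP0"),
    ("10.10.10.4", "32", None, "PPP1"),
    ("192.168.1.0", "24", "192.168.1.1", "Eth1"),
    ("10.10.0.0", "16", "10.10.10.1", "PPP0"),
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "Eth1"),
]

DIRECT_ADDR = "10.10.10.4"  # monitoring device end of the direct L2TP tunnel
RELAY_ADDR = "10.10.10.2"   # monitoring device address on the relay VPN


def parse_table(rows):
    """Turn table rows into (row number, network, gateway, interface)."""
    entries = []
    for position, (dest, mask, gateway, iface) in enumerate(rows, start=1):
        # ip_network accepts both "/32" and "/0.0.0.0" style masks.
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        entries.append((position, network, gateway, iface))
    return entries


ENTRIES = parse_table(TABLE_4)


def lookup(entries, dest, down=()):
    """Longest-prefix match, ignoring routes whose interface is down."""
    addr = ipaddress.ip_address(dest)
    best = None
    for entry in entries:
        _, network, _, iface = entry
        if iface in down or addr not in network:
            continue
        if best is None or network.prefixlen > best[1].prefixlen:
            best = entry
    return best


def path_to_device(entries, direct_up):
    """Pick the device address as the text describes and resolve its route."""
    target = DIRECT_ADDR if direct_up else RELAY_ADDR
    down = () if direct_up else ("PPP1",)
    position, network, gateway, iface = lookup(entries, target, down)
    return {
        "target": target,
        "row": position,
        "route": str(network),
        "gateway": gateway,
        "interface": iface,
    }


if __name__ == "__main__":
    print(path_to_device(ENTRIES, direct_up=True))
    print(path_to_device(ENTRIES, direct_up=False))
    # With PPP1 down, 10.10.10.4 is still covered by 10.10.0.0/16, so packets
    # for the direct-tunnel address would be handed to the relay tunnel.
    print(lookup(ENTRIES, DIRECT_ADDR, down=("PPP1",)))
```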
Embodiment two
As shown in Figure 3, this embodiment provides a device for establishing a direct VPN tunnel, applied to the client in a video monitoring system, comprising:
A client relay VPN module, configured to send a VPN tunnel establishment request message to the management server and establish a VPN tunnel with the management server;
A client hole-punching module, configured to receive the public mapped IP address and port number of the monitoring device issued by the management server, traverse the NAT devices by hole punching with the monitoring device, and establish a UDP connection with the monitoring device;
A client direct VPN module, configured to receive the configuration information issued by the management server and establish a direct VPN tunnel with the monitoring device over the UDP connection.
In this embodiment, when the client direct VPN module receives the configuration information issued by the management server and establishes the direct VPN tunnel with the monitoring device over the UDP connection, it performs the following operations:
Set itself as the VPN tunnel client according to the assignment by the management server; receive from the management server the IP address and port number of the VPN tunnel server, which are the public mapped IP address and port number of the monitoring device, together with the username and password used for authentication; and send a VPN tunnel establishment request to the monitoring device;
Receive the virtual NIC address for the VPN tunnel client delivered by the monitoring device, and generate a PPP virtual NIC interface.
Note that this embodiment may also assign the monitoring device as the VPN tunnel client and the client as the VPN tunnel server; this is not described again here.
The client direct VPN module of this embodiment is further configured to:
Receive a notification from the management server and generate a host route whose destination is the virtual NIC address of the monitoring device, where the destination IP address of the host route is the virtual NIC address assigned to the VPN tunnel server and the outgoing interface is its own PPP virtual NIC interface.
Note that the configuration module of the management server either notifies the client and the monitoring device to each generate a host route whose destination is the other side's virtual NIC address, or issues one host route to each of the client and the monitoring device. The invention is not limited to a specific implementation.
Embodiment three
As shown in Figure 4, this embodiment provides a device for establishing a direct VPN tunnel, applied to the monitoring device in a video monitoring system, comprising:
A monitoring device relay VPN module, configured to send a VPN tunnel establishment request message to the management server and establish a VPN tunnel with the management server;
A monitoring device hole-punching module, configured to receive the public mapped IP address and port number of the client issued by the management server, traverse the NAT devices by hole punching with the client, and establish a UDP connection with the client;
A monitoring device direct VPN module, configured to receive the configuration information issued by the management server and establish a direct VPN tunnel with the client over the UDP connection.
In this embodiment, when the monitoring device direct VPN module receives the configuration information issued by the management server and establishes the direct VPN tunnel with the client over the UDP connection, it performs the following operations:
Set itself as the VPN tunnel server according to the assignment by the management server; receive from the management server the virtual NIC address used by the VPN tunnel server, the virtual NIC address used by the VPN tunnel client, and the username and password used for authentication; start a listening process on its own private IP address and private port number to listen for the VPN tunnel connection request from the VPN tunnel client; after detecting the VPN tunnel connection request, perform user authentication and respond; generate a PPP virtual NIC interface on itself; and deliver to the client the virtual NIC address assigned to the VPN tunnel client.
The monitoring device direct VPN module of this embodiment is further configured to:
Receive a notification from the management server and generate a host route whose destination is the virtual NIC address of the client, where the destination IP address of the host route is the virtual NIC address assigned to the VPN tunnel client and the outgoing interface is its own PPP virtual NIC interface.
Similarly, this embodiment may also assign the monitoring device as the VPN tunnel client and the client as the VPN tunnel server. The configuration module of the management server either notifies the client and the monitoring device to each generate a host route whose destination is the other side's virtual NIC address, or issues one host route to each of the client and the monitoring device. The invention is not limited to a specific implementation.
Embodiment four
As shown in Figure 5, this embodiment describes a method for establishing a direct VPN tunnel, comprising:
Step S1: The management server establishes a VPN tunnel with the client and with the monitoring device.
In this embodiment the management server is the video management server of the video monitoring system. When the monitoring device/client establishes a VPN tunnel with the management server, the NAT device of the monitoring device/client generates a mapping table between the private IP address and port number of this monitoring device and its public mapped IP address and port number. The monitoring device/client uses its private IP address and port number to send a VPN tunnel establishment request message to the management server. The NAT device translates the private IP address and port number of the monitoring device/client in the request message into the public mapped IP address and port number of the monitoring device/client and sends the message to the management server. The management server responds to the VPN tunnel establishment request message of the monitoring device/client, completing the establishment of the VPN tunnel.
The VPN tunnels that the client and the monitoring device each establish with the management server are used to carry the messages exchanged between the client/monitoring device and the management server in the subsequent steps. In addition, if the direct VPN tunnel between the client and the monitoring device fails, the client can use the VPN tunnel it established with the management server to access the management server, and the management server communicates with the monitoring device through its VPN tunnel with the monitoring device, so the client obtains the monitoring device's monitoring video forwarded by the management server.
Step S2: The management server obtains the public mapped IP address and port number of the client and the public mapped IP address and port number of the monitoring device, sends the client's public mapped IP address and port number to the monitoring device, and sends the monitoring device's public mapped IP address and port number to the client, so that the client and the monitoring device use the IP address and port number information each has received to traverse the NAT devices by hole punching, and establish and maintain a UDP connection between the client and the monitoring device.
The client and the monitoring device traverse the NAT devices by hole punching using the NAT traversal protocol STUN (Simple Traversal of UDP Through NAT) and establish a UDP connection between the two.
In this embodiment, after the management server obtains the public mapped IP address and port number of the client and the public mapped IP address and port number of the monitoring device, it uses the VPN tunnels established in step S1 to send the client's public mapped IP address and port number to the monitoring device and the monitoring device's public mapped IP address and port number to the client. The client and the monitoring device then perform hole punching using the public mapped IP address and port number information each has received.
After hole punching completes, a UDP connection that traverses the NAT devices exists between the client and the monitoring device. Specifically, a session is generated on the client's NAT device whose internal address and port number are the client's private IP address and port number and whose external address and port number are the client's public mapped IP address and port number; this session accepts access only from the public mapped IP address of the monitoring device. At the same time, a session is generated on the monitoring device's NAT device whose internal address and port number are the monitoring device's private IP address and port number and whose external address and port number are the monitoring device's public mapped IP address and port number; this session accepts access only from the public mapped IP address of the client.
The client sends a message to the monitoring device using the monitoring device's public mapped IP address and port number; the source IP address and port number in the message are the client's private IP address and port number. The client's NAT device translates the source IP address and port number in the message into the client's public mapped IP address and port number and sends the message to the monitoring device's NAT device. After receiving the message, the monitoring device's NAT device translates the destination IP address and port number in the message from the monitoring device's public mapped IP address and port number to the monitoring device's private IP address and port number and sends the message to the monitoring device. The monitoring device sends a message to the client using the client's public mapped IP address and port number; the source IP address and port number in the message are the monitoring device's private IP address and port number. The monitoring device's NAT device translates the source IP address and port number in the message into the monitoring device's public mapped IP address and port number and sends the message to the NAT device of the monitoring device. After receiving the message, the NAT device of the monitoring device translates the destination IP address and port number in the message from the client's public mapped IP address and port number to the client's private IP address and port number and sends the message to the client. In this way the client and the monitoring device can send messages directly to each other over the UDP connection established by hole punching.
Note that because the sessions on the NAT devices of the client and the monitoring device have an expiry time, the client and the monitoring device keep the UDP connection established by hole punching alive by sending periodic keep-alive messages.
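The NAT sessions, address translation and keep-alive behaviour described in step S2 can be modelled as below. This is an added example, not code from the patent: the class and function names are hypothetical, the 30-second session lifetime and the third-party address 198.51.100.7 are constructed, and the endpoint addresses and ports are those of the L2TP worked example earlier on the page.

```python
from dataclasses import dataclass

CLIENT_PRIV = ("192.168.2.200", 11000)
CLIENT_PUB = ("202.200.200.22", 10021)
DEVICE_PRIV = ("192.168.1.110", 15000)
DEVICE_PUB = ("202.100.100.11", 10001)


@dataclass
class Session:
    inside: tuple       # (private IP, port)
    outside: tuple      # (public mapped IP, port)
    allowed_peer: str   # only this remote public IP may use the mapping
    expires_at: float


class NatDevice:
    def __init__(self, ttl=30.0):
        self.ttl = ttl  # constructed value; the page gives no timeout
        self.sessions = []

    def punch(self, inside, outside, allowed_peer, now):
        """Create the session that hole punching leaves on this NAT."""
        self.sessions.append(Session(inside, outside, allowed_peer, now + self.ttl))

    def live(self, now):
        """Drop aged-out sessions and return the remaining ones."""
        self.sessions = [s for s in self.sessions if s.expires_at > now]
        return self.sessions

    def outbound(self, pkt, now):
        """Rewrite source private -> public mapped and refresh the timer."""
        for s in self.live(now):
            if s.inside == pkt["src"] and s.allowed_peer == pkt["dst"][0]:
                s.expires_at = now + self.ttl
                return {**pkt, "src": s.outside}
        return None

    def inbound(self, pkt, now):
        """Rewrite destination public mapped -> private for the allowed peer."""
        for s in self.live(now):
            if s.outside == pkt["dst"] and s.allowed_peer == pkt["src"][0]:
                return {**pkt, "dst": s.inside}
        return None  # no session, aged-out session, or unexpected source


def punched_pair(now=0.0):
    """Return (client NAT, device NAT) in the state after hole punching."""
    client_nat, device_nat = NatDevice(), NatDevice()
    client_nat.punch(CLIENT_PRIV, CLIENT_PUB, DEVICE_PUB[0], now)
    device_nat.punch(DEVICE_PRIV, DEVICE_PUB, CLIENT_PUB[0], now)
    return client_nat, device_nat


def send(src_nat, dst_nat, pkt, now):
    """Carry one packet through the sender's NAT, then the receiver's NAT."""
    translated = src_nat.outbound(pkt, now)
    return dst_nat.inbound(translated, now) if translated else None


def client_to_device(client_nat, device_nat, now, data="l2tp"):
    pkt = {"src": CLIENT_PRIV, "dst": DEVICE_PUB, "data": data}
    return send(client_nat, device_nat, pkt, now)


def device_to_client(client_nat, device_nat, now, data="l2tp"):
    pkt = {"src": DEVICE_PRIV, "dst": CLIENT_PUB, "data": data}
    return send(device_nat, client_nat, pkt, now)


def delivered_at_40s(keepalive):
    """Does a client packet at t=40 arrive, with or without keep-alives at t=20?"""
    client_nat, device_nat = punched_pair()
    if keepalive:
        client_to_device(client_nat, device_nat, 20.0, "keepalive")
        device_to_client(client_nat, device_nat, 20.0, "keepalive")
    return client_to_device(client_nat, device_nat, 40.0) is not None
```

Only outbound traffic refreshes a session in this model, which is why both ends send keep-alives.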
Step S3: The management server assigns the monitoring device and the client the VPN tunnel server role and the VPN tunnel client role respectively, and issues configuration information to the client and the monitoring device so that the client and the monitoring device establish a direct VPN tunnel over the UDP connection.
After hole punching succeeds and the UDP connection is established, the client and the monitoring device send the hole-punching success message to the management server. After the management server receives the hole-punching success message, it assigns the monitoring device as the VPN tunnel server and issues to the monitoring device the virtual NIC address used by the VPN tunnel server, the virtual NIC address used by the VPN tunnel client, and the username and password used for authentication. The monitoring device completes the VPN tunnel server configuration according to the messages issued by the management server, then starts a listening process on the private IP address and private port number of the monitoring device to listen for the VPN tunnel connection request from the VPN tunnel client. After detecting the VPN tunnel connection request, it performs user authentication and responds, and then generates a PPP virtual NIC interface on the monitoring device; the address of this virtual NIC interface is the virtual NIC address for the VPN tunnel server issued by the management server.
The management server assigns the client as the VPN tunnel client, notifies the client that the IP address and port number of the VPN tunnel server are the public mapped IP address and public port number of the monitoring device, and issues the username and password used for authentication to the client. The client sends a VPN tunnel establishment request to the monitoring device. After the monitoring device detects this request, it performs user authentication and responds, and delivers to the client the virtual NIC address that the management server assigned to the VPN tunnel client. The client receives the virtual NIC address for the VPN tunnel client delivered by the monitoring device and generates a PPP virtual NIC interface on the client, completing the establishment of the VPN tunnel.
After the VPN tunnel between the client and the monitoring device is established, a new PPP virtual NIC interface is generated on both the client and the monitoring device. The IP address of the PPP virtual NIC interface on the monitoring device is the virtual NIC address that the management server assigned to the VPN tunnel server, and the IP address of the PPP virtual NIC interface on the client is the virtual NIC address that the management server assigned to the VPN tunnel client.
The management server then notifies the client and the monitoring device to each generate a host route whose destination is the other side's virtual NIC address, or issues one host route to each of the client and the monitoring device. The destination IP address of the client's host route is the virtual NIC address that the management server assigned to the VPN tunnel server, and its outgoing interface is the newly established PPP virtual NIC interface on the client. The destination IP address of the monitoring device's host route is the virtual NIC address that the management server assigned to the VPN tunnel client, and its outgoing interface is the newly established PPP virtual NIC interface on the monitoring device.
Note that in this embodiment the monitoring device is assigned as the VPN tunnel server and the client as the VPN tunnel client, and the client initiates the VPN tunnel establishment request. Equally, the client may be assigned as the VPN tunnel server and the monitoring device as the VPN tunnel client, in which case the monitoring device initiates the VPN tunnel establishment request. The invention is not limited to a specific implementation form.
With the above method, the client and the monitoring device establish a direct VPN tunnel with the assistance of the management server, and communicate directly using the virtual NIC address that the management server assigned to the VPN tunnel server and the virtual NIC address that it assigned to the VPN tunnel client. The client obtains monitoring video directly from the monitoring device.
Note that if the direct VPN tunnel between the client and the monitoring device fails, the client can still reach the monitoring device, because the client and the monitoring device have each already established a VPN tunnel with the management server. The client uses the VPN tunnel it established with the management server to access the management server, and obtains the monitoring device's monitoring video forwarded by the management server.
The above embodiments are intended only to illustrate the technical solution of the invention, not to limit it. Without departing from the spirit and essence of the invention, those of ordinary skill in the art may make various corresponding changes and variations according to the invention, but all such changes and variations shall fall within the scope of the claims appended to the invention.

Claims (10)

1. A device for establishing a direct VPN tunnel, applied to a management server in a video monitoring system, the video monitoring system comprising a client and a monitoring device located in different private networks and a management server located in the public network, characterized in that the device for establishing a direct VPN tunnel comprises:
A VPN relay service module, configured to establish a VPN tunnel with the client and with the monitoring device;
A NAT hole-punching service module, configured to obtain the public mapped IP address and port number of the client and the public mapped IP address and port number of the monitoring device, send the client's public mapped IP address and port number to the monitoring device, and send the monitoring device's public mapped IP address and port number to the client, so that the client and the monitoring device use the IP address and port number information each has received to traverse the NAT devices by hole punching, and establish and maintain a UDP connection between the client and the monitoring device;
A configuration module, configured to assign the monitoring device and the client the VPN tunnel server role and the VPN tunnel client role respectively, and to issue configuration information to the client and the monitoring device so that the client and the monitoring device establish a direct VPN tunnel over the UDP connection.
2. The device for establishing a direct VPN tunnel according to claim 1, characterized in that, when the configuration module assigns the monitoring device and the client the VPN tunnel server role and the VPN tunnel client role respectively and issues configuration information to the client and the monitoring device so that the client and the monitoring device establish a direct VPN tunnel over the UDP connection, it performs the following operations:
Assign the monitoring device as the VPN tunnel server, and issue to the monitoring device the virtual NIC address used by the VPN tunnel server, the virtual NIC address used by the VPN tunnel client, and the username and password used for authentication, so that the monitoring device completes the VPN tunnel server configuration, then starts a listening process on the private IP address and private port number of the monitoring device to listen for the VPN tunnel connection request from the VPN tunnel client, performs user authentication and responds after detecting the VPN tunnel connection request, generates a PPP virtual NIC interface on the monitoring device, and delivers to the client the virtual NIC address assigned to the VPN tunnel client;
Assign the client as the VPN tunnel client, notify the client that the IP address and port number of the VPN tunnel server are the public mapped IP address and port number of the monitoring device, and issue the username and password used for authentication to the client, so that the client sends a VPN tunnel establishment request to the monitoring device, receives the virtual NIC address for the VPN tunnel client delivered by the monitoring device, and generates a PPP virtual NIC interface on the client.
3. The device for establishing a direct VPN tunnel according to claim 1, characterized in that the configuration module is further configured to:
Notify the client and the monitoring device to each generate a host route whose destination is the other side's virtual NIC address.
4. The device for establishing a direct VPN tunnel according to claim 3, characterized in that the destination IP address of the client's host route is the virtual NIC address assigned to the VPN tunnel server and its outgoing interface is the PPP virtual NIC interface on the client, and the destination IP address of the monitoring device's host route is the virtual NIC address assigned to the VPN tunnel client and its outgoing interface is the PPP virtual NIC interface on the monitoring device.
5. A device for establishing a direct VPN tunnel, applied to a client in a video monitoring system, the video monitoring system comprising a client and a monitoring device located in different private networks and a management server located in the public network, characterized in that the device for establishing a direct VPN tunnel comprises:
A client relay VPN module, configured to send a VPN tunnel establishment request message to the management server and establish a VPN tunnel with the management server;
A client hole-punching module, configured to receive the public mapped IP address and port number of the monitoring device issued by the management server, traverse the NAT devices by hole punching with the monitoring device, and establish a UDP connection with the monitoring device;
A client direct VPN module, configured to receive the configuration information issued by the management server and establish a direct VPN tunnel with the monitoring device over the UDP connection.
6. The device for establishing a direct VPN tunnel according to claim 5, characterized in that, when the client direct VPN module receives the configuration information issued by the management server and establishes a direct VPN tunnel with the monitoring device over the UDP connection, it performs the following operations:
Set itself as the VPN tunnel client according to the assignment by the management server; receive from the management server the IP address and port number of the VPN tunnel server, which are the public mapped IP address and port number of the monitoring device, together with the username and password used for authentication; and send a VPN tunnel establishment request to the monitoring device;
Receive the virtual NIC address for the VPN tunnel client delivered by the monitoring device, and generate a PPP virtual NIC interface.
7. The device for establishing a direct VPN tunnel according to claim 5, characterized in that the client direct VPN module is further configured to:
Receive a notification from the management server and generate a host route whose destination is the virtual NIC address of the monitoring device, where the destination IP address of the host route is the virtual NIC address assigned to the VPN tunnel server and the outgoing interface is its own PPP virtual NIC interface.
8. A device for establishing a direct VPN tunnel, applied to a monitoring device in a video monitoring system, the video monitoring system comprising a client and a monitoring device located in different private networks and a management server located in the public network, characterized in that the device for establishing a direct VPN tunnel comprises:
A monitoring device relay VPN module, configured to send a VPN tunnel establishment request message to the management server and establish a VPN tunnel with the management server;
A monitoring device hole-punching module, configured to receive the public mapped IP address and port number of the client issued by the management server, traverse the NAT devices by hole punching with the client, and establish a UDP connection with the client;
A monitoring device direct VPN module, configured to receive the configuration information issued by the management server and establish a direct VPN tunnel with the client over the UDP connection.
9. The device for establishing a direct-connection VPN tunnel according to claim 8, characterized in that the monitoring device direct-connection VPN module, when receiving the configuration information issued by the management server and establishing the direct-connection VPN tunnel with the client over the UDP connection, performs the following operations:
Configuring itself as the VPN tunnel server according to the assignment made by the management server; receiving, from the management server, the virtual NIC address for use by the VPN tunnel server and the virtual NIC address for use by the VPN tunnel client, together with the username and password used for authentication; starting a listening process on its own private-network IP address and private-network port number to listen for the VPN tunnel connection request of the VPN tunnel client; and, after detecting the VPN tunnel connection request, performing user authentication and responding, generating a PPP virtual NIC interface for itself, and issuing to the client the virtual NIC address assigned to the VPN tunnel client.
10. The device for establishing a direct-connection VPN tunnel according to claim 8, characterized in that the monitoring device direct-connection VPN module is further configured to:
Receive a notification from the management server and generate a host route whose destination address is the virtual NIC address of the client, wherein the destination IP address of the host route is the virtual NIC address assigned to the VPN tunnel client, and the outgoing interface is the monitoring device's own PPP virtual NIC interface.
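The claims above have the monitoring device listen on its private IP address and port while the client sends its connection request to the device's public-network mapped address. The following added example (not part of the patent text) models why that request only arrives after hole punching and why other senders are still dropped. The port-restricted NAT behaviour, the `Nat` class and all addresses and ports are assumptions constructed for illustration.

```python
# Constructed model of the claimed flow: two NATs, UDP hole punching, then a
# VPN tunnel connection request over the punched path. The NAT type and every
# address, port and name here are assumptions, not taken from the patent.

class Nat:
    """Port-restricted cone NAT: one public port per private endpoint;
    inbound packets pass only from remote endpoints already sent to."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.mapping = {}   # private (ip, port) -> public port
        self.allowed = {}   # public port -> remote endpoints permitted inbound

    def outbound(self, private_ep, remote_ep):
        """Translate an outgoing packet; return the public mapped endpoint."""
        if private_ep not in self.mapping:
            self.mapping[private_ep] = self.next_port
            self.next_port += 1
        port = self.mapping[private_ep]
        self.allowed.setdefault(port, set()).add(remote_ep)
        return (self.public_ip, port)

    def inbound(self, public_port, remote_ep):
        """Return the private endpoint that receives the packet, or None if dropped."""
        if remote_ep not in self.allowed.get(public_port, set()):
            return None
        for private_ep, port in self.mapping.items():
            if port == public_port:
                return private_ep
        return None

def run_flow():
    server = ("203.0.113.10", 5000)    # management server in the public network
    client = ("192.168.1.20", 6000)    # client in private network A
    device = ("10.0.0.8", 7000)        # monitoring device in private network B
    nat_c, nat_d = Nat("198.51.100.1"), Nat("198.51.100.2")
    # Both sides contact the management server, which learns their public mappings.
    pub_c = nat_c.outbound(client, server)
    pub_d = nat_d.outbound(device, server)
    # Client sends toward the device's public mapping; the device's NAT drops it.
    nat_c.outbound(client, pub_d)
    before = nat_d.inbound(pub_d[1], pub_c)
    # Device punches toward the client's public mapping issued by the server.
    nat_d.outbound(device, pub_c)
    # The connection request now reaches the listener on the device's private
    # IP and port, and the device's reply reaches the client.
    after = nat_d.inbound(pub_d[1], pub_c)
    reply = nat_c.inbound(pub_c[1], pub_d)
    # A third party that was never punched toward is still filtered.
    stranger = nat_d.inbound(pub_d[1], ("192.0.2.99", 9999))
    return before, after, reply, stranger
```

The NAT filter only restricts who can reach the listener; the username and password check named in claims 6 and 9 remains the control that decides whether a tunnel is actually established.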
CN201610251272.8A 2016-04-21 2016-04-21 Device for establishing direct connection VPN tunnel Active CN105933198B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610251272.8A CN105933198B (en) 2016-04-21 2016-04-21 Device for establishing direct connection VPN tunnel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610251272.8A CN105933198B (en) 2016-04-21 2016-04-21 Device for establishing direct connection VPN tunnel

Publications (2)

Publication Number Publication Date
CN105933198A true CN105933198A (en) 2016-09-07
CN105933198B CN105933198B (en) 2020-01-14

Family

ID=56839644

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610251272.8A Active CN105933198B (en) 2016-04-21 2016-04-21 Device for establishing direct connection VPN tunnel

Country Status (1)

Country Link
CN (1) CN105933198B (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107786411A (en) * 2017-10-19 2018-03-09 上海前隆信息科技有限公司 Inter-application communication tunnel connection/verification method/system, medium and equipment
CN108075950A (en) * 2017-12-13 2018-05-25 安徽皖通邮电股份有限公司 A kind of method of packet access network end-to-end path detection
CN108667675A (en) * 2018-08-14 2018-10-16 浙江亿邦通信科技有限公司 A kind of communication means, communication equipment and private line of communication are for network method
CN108881519A (en) * 2018-08-08 2018-11-23 成都俊云科技有限公司 A kind of NAT penetrating method and device
CN109120491A (en) * 2017-06-22 2019-01-01 格局商学教育科技(深圳)有限公司 It is a kind of for establishing the method and system of direct-connected vpn tunneling in net work teaching system
CN109121011A (en) * 2017-06-22 2019-01-01 格局商学教育科技(深圳)有限公司 A kind of online class living broadcast interactive system
CN109525514A (en) * 2018-12-26 2019-03-26 北京天融信网络安全技术有限公司 A kind of information transferring method and information carrying means
CN110311894A (en) * 2019-05-24 2019-10-08 帷幄匠心科技(杭州)有限公司 A kind of method that local area network internal dynamic penetrates
CN110740087A (en) * 2019-09-18 2020-01-31 视联动力信息技术股份有限公司 Message transmission method, terminal, gateway device, electronic device and storage medium
CN111064650A (en) * 2019-12-23 2020-04-24 浙江宇视科技有限公司 Method and device for dynamically changing tunnel connection service port number
CN111464821A (en) * 2020-04-01 2020-07-28 长沙文影网络科技有限公司 Audio and video live broadcast P2P holing optimization method
CN112584090A (en) * 2019-09-27 2021-03-30 浙江宇视科技有限公司 Public network video transmission method and system
CN113067908A (en) * 2020-01-02 2021-07-02 中国移动通信有限公司研究院 NAT traversal method, device, electronic equipment and storage medium
CN113067910A (en) * 2020-01-02 2021-07-02 中国移动通信有限公司研究院 NAT traversal method, device, electronic equipment and storage medium
CN113067911A (en) * 2020-01-02 2021-07-02 中国移动通信有限公司研究院 NAT traversal method, device, electronic equipment and storage medium
CN114039949A (en) * 2021-12-24 2022-02-11 上海观安信息技术股份有限公司 Cloud service floating IP binding method and system
CN114244803A (en) * 2020-11-30 2022-03-25 易识科技(广东)有限责任公司 Tunnel penetration control method and system
CN114584528A (en) * 2020-11-17 2022-06-03 中国移动通信有限公司研究院 Tunnel establishment method, device and equipment
CN115694901A (en) * 2022-09-27 2023-02-03 河北轩昊信息技术有限公司 VPN tunnel communication method and device

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212374A (en) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for remote access to campus network resources
CN102065125A (en) * 2010-11-18 2011-05-18 广州致远电子有限公司 Method for realizing embedded secure socket layer virtual private network (SSL VPN)
CN102378982A (en) * 2009-03-30 2012-03-14 西科姆株式会社 Monitoring system and communication management device
CN102439912A (en) * 2009-03-30 2012-05-02 西科姆株式会社 Communication control device and monitoring device
CN102801695A (en) * 2011-05-27 2012-11-28 华耀(中国)科技有限公司 Communication equipment for virtual private network and data packet transmission method for communication equipment
CN103023898A (en) * 2012-12-03 2013-04-03 杭州迪普科技有限公司 Method and device for accessing intranet resource of virtual private network (VPN) server
CN103391234A (en) * 2013-08-01 2013-11-13 厦门市美亚柏科信息股份有限公司 Method for realizing multi-user fixed port mapping and PPTP VPN server side
CN104168457A (en) * 2014-08-18 2014-11-26 浙江宇视科技有限公司 Method and device for playing multiple media streams on demand
CN104579879A (en) * 2014-12-05 2015-04-29 上海斐讯数据通信技术有限公司 Virtual private network communication system, connection method and data packet transmission method

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212374A (en) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for remote access to campus network resources
CN102378982A (en) * 2009-03-30 2012-03-14 西科姆株式会社 Monitoring system and communication management device
CN102439912A (en) * 2009-03-30 2012-05-02 西科姆株式会社 Communication control device and monitoring device
CN102065125A (en) * 2010-11-18 2011-05-18 广州致远电子有限公司 Method for realizing embedded secure socket layer virtual private network (SSL VPN)
CN102801695A (en) * 2011-05-27 2012-11-28 华耀(中国)科技有限公司 Communication equipment for virtual private network and data packet transmission method for communication equipment
CN103023898A (en) * 2012-12-03 2013-04-03 杭州迪普科技有限公司 Method and device for accessing intranet resource of virtual private network (VPN) server
CN103391234A (en) * 2013-08-01 2013-11-13 厦门市美亚柏科信息股份有限公司 Method for realizing multi-user fixed port mapping and PPTP VPN server side
CN104168457A (en) * 2014-08-18 2014-11-26 浙江宇视科技有限公司 Method and device for playing multiple media streams on demand
CN104579879A (en) * 2014-12-05 2015-04-29 上海斐讯数据通信技术有限公司 Virtual private network communication system, connection method and data packet transmission method

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120491A (en) * 2017-06-22 2019-01-01 格局商学教育科技(深圳)有限公司 It is a kind of for establishing the method and system of direct-connected vpn tunneling in net work teaching system
CN109121011A (en) * 2017-06-22 2019-01-01 格局商学教育科技(深圳)有限公司 A kind of online class living broadcast interactive system
CN107786411A (en) * 2017-10-19 2018-03-09 上海前隆信息科技有限公司 Inter-application communication tunnel connection/verification method/system, medium and equipment
CN108075950A (en) * 2017-12-13 2018-05-25 安徽皖通邮电股份有限公司 A kind of method of packet access network end-to-end path detection
CN108075950B (en) * 2017-12-13 2021-07-20 安徽皖通邮电股份有限公司 Method for detecting end-to-end path of packet access network
CN108881519A (en) * 2018-08-08 2018-11-23 成都俊云科技有限公司 A kind of NAT penetrating method and device
CN108667675A (en) * 2018-08-14 2018-10-16 浙江亿邦通信科技有限公司 A kind of communication means, communication equipment and private line of communication are for network method
CN109525514A (en) * 2018-12-26 2019-03-26 北京天融信网络安全技术有限公司 A kind of information transferring method and information carrying means
CN110311894A (en) * 2019-05-24 2019-10-08 帷幄匠心科技(杭州)有限公司 A kind of method that local area network internal dynamic penetrates
CN110740087A (en) * 2019-09-18 2020-01-31 视联动力信息技术股份有限公司 Message transmission method, terminal, gateway device, electronic device and storage medium
CN112584090A (en) * 2019-09-27 2021-03-30 浙江宇视科技有限公司 Public network video transmission method and system
CN111064650A (en) * 2019-12-23 2020-04-24 浙江宇视科技有限公司 Method and device for dynamically changing tunnel connection service port number
CN113067908A (en) * 2020-01-02 2021-07-02 中国移动通信有限公司研究院 NAT traversal method, device, electronic equipment and storage medium
CN113067910A (en) * 2020-01-02 2021-07-02 中国移动通信有限公司研究院 NAT traversal method, device, electronic equipment and storage medium
CN113067911A (en) * 2020-01-02 2021-07-02 中国移动通信有限公司研究院 NAT traversal method, device, electronic equipment and storage medium
CN113067908B (en) * 2020-01-02 2023-03-31 中国移动通信有限公司研究院 NAT (network Address translation) traversing method and device, electronic equipment and storage medium
CN113067910B (en) * 2020-01-02 2023-05-09 中国移动通信有限公司研究院 NAT traversal method and device, electronic equipment and storage medium
CN111464821A (en) * 2020-04-01 2020-07-28 长沙文影网络科技有限公司 Audio and video live broadcast P2P holing optimization method
CN114584528A (en) * 2020-11-17 2022-06-03 中国移动通信有限公司研究院 Tunnel establishment method, device and equipment
CN114244803A (en) * 2020-11-30 2022-03-25 易识科技(广东)有限责任公司 Tunnel penetration control method and system
CN114244803B (en) * 2020-11-30 2024-06-04 易识科技(广东)有限责任公司 Tunnel penetration control method and system
CN114039949A (en) * 2021-12-24 2022-02-11 上海观安信息技术股份有限公司 Cloud service floating IP binding method and system
CN114039949B (en) * 2021-12-24 2024-03-26 上海观安信息技术股份有限公司 Cloud service floating IP binding method and system
CN115694901A (en) * 2022-09-27 2023-02-03 河北轩昊信息技术有限公司 VPN tunnel communication method and device
CN115694901B (en) * 2022-09-27 2023-09-26 河北轩昊信息技术有限公司 VPN tunnel communication method and device and electronic equipment

Also Published As

Publication number Publication date
CN105933198B (en) 2020-01-14

Similar Documents

Publication Publication Date Title
CN105933198A (en) Device for establishing direct connection VPN tunnel
CN107580065B (en) A kind of private clound cut-in method and equipment
CN105025044B (en) A kind of apparatus control method and system
US20070011733A1 (en) Unified architecture for remote network access
US8804562B2 (en) Broadband network system and implementation method thereof
US8611358B2 (en) Mobile network traffic management
CN104427010A (en) NAT (network address translation) method and device applied to DVPN (dynamic virtual private network)
CN105119787B (en) A kind of public internet access system and method based on software definition
CN113329101B (en) Remote login method and login device for edge computing node
CN103607345B (en) A kind of monitor node establishes the method and system of routing iinformation
CN105072213A (en) IPSec NAT bidirection traversing method, IPSec NAT bidirection traversing system and VPN gateway
CN106789606A (en) A kind of network communicating system, its management method and communication means
CN103747116A (en) Business access method and device based on Layer 2 Tunneling Protocol (L2TP)
CN107333099A (en) Network camera with wireless relay function
CN112911001A (en) Cloud VPN and enterprise network automatic networking scheme
CN107547403B (en) Message forwarding method, message assistance device, controller and host
CN100365591C (en) Network address distributing method based on customer terminal
CN102983988B (en) A kind of proxy for equipment device and network administration apparatus
CN105915662B (en) A kind of data transmission method and device
CN103023789A (en) Method for accessing private network server in internet
CN100490393C (en) Method for accessing user network management platform
CN108123912A (en) A kind of micro services system for supporting P2P
US20080049765A1 (en) Method and system for inter working a point-to-point link and a LAN service
CN102710644B (en) Method and device for saving bandwidth in internet protocol (IP) monitoring system
TWI511496B (en) System of wireless communication, and method of management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant